[Haifux] Reporting forum spammers per IP

Maxim Kovgan kovganm at gmail.com
Sat Sep 21 20:17:03 MSD 2013


I'd second Orna's approach, with a refinement:

   - IP range ban should be temporarily
   - only select eu/us/ca ISPs' abuse teams should be contacted.

Also, worth mentioning:
I've just snooped around for python IP ownership lookups (via RIRs DBs) and
found no 1 tool for this.
It is strange, maybe people approach this problem differently ?
Like a fail2ban hook maybe ? (http://www.fail2ban.org/wiki/index.php/Apache)

Regards.




On Thu, Sep 19, 2013 at 5:24 PM, Eli Billauer <eli at billauer.co.il> wrote:

> **
>
> Hi all,
>
> I'm running a little phpBB forum, which is being bomarded by attempts to
> submit spam posts. I've solved the core problem already (i.e. preventing
> the spamming itself and the flood of new users) down to zero, but I've
> noticed a huge amount of attempts -- I'm at ~800,000 hits per month, and
> it's not getting any better.
>
> It's quite easy to tell a spammer's IP watching the HTTP logs, so it's not
> a big deal to write a simple script and find the offending IPs, and block
> the worst of them individually. In fact, I've already done that.
>
> But now I want revenge: I'd like to make the spammers' hosting providers
> aware of their user activity. Is there any convention on how to
> automatically track down who should be contacted for each and every IP? Or
> maybe some database, where hosting providers are really looking?
>
> I expect some dozens of these every month. So an automated reporting
> method should be possible.
>
> Thanks in advance,
>    Eli
>
>  --
> Web: http://www.billauer.co.il
>
>
> _______________________________________________
> Haifux mailing list
> Haifux at haifux.org
> http://haifux.org/mailman/listinfo/haifux
>
>


-- 
Maxim Kovgan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://haifux.org/pipermail/haifux/attachments/20130921/1597dde3/attachment.html 


More information about the Haifux mailing list